Threat Landscape Dashboard

Assessing today's threats and the relationships between them

8.00

A vulnerability in some versions of Microsoft Office and WordPad could lead to remote code execution. The flaw lies in the handling of a specially crafted file. Successful exploitation by a remote attacker could result in the execution of arbitrary code.

8.00

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 mishandles file upload, which allows remote attackers to execute arbitrary commands via a #cmd= string in a crafted Content-Type HTTP header, as exploited in the wild in March 2017.

7.00

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

7.00

A vulnerability in some versions of Microsoft Office could lead to remote code execution. The flaw lies in the Encapsulated PostScript Filter. Successful exploitation by a remote attacker could result in the execution of arbitrary code.

CVE-2015-5122

10.00
6.00

Description:

A vulnerability in some versions of Adobe Flash Player could lead to remote code execution. The flaw lies in opaqueBackground. Successful exploitation by a remote attacker could result in the execution of arbitrary code or a denial of service